Solved: Re: Cisco Meeting Server User Account's Expires after Six Months

neil.moran · ‎02-21-2018

Hi Guys,

I have a Cisco Meeting Server version 2.2.7. I use TMS to manage the CMS server that requires a username and password. I assume once the user account expires then I can't manage the CMS server until I reset the password for another six months, this also seems to be the case in the latest document I can find for CMS.

Does anyone knwo if there are any plans to have the option to disable the user expiry after six months?

Thanks

Neil

Jaime Valencia · ‎02-21-2018

Roadmap questions are NDA and cannot be answered in public forums, there's an option to change that timeframe already implemented

user rule password_age Enforces a maximum age for passwords in days

https://www.cisco.com/c/dam/en/us/td/docs/conferencing/ciscoMeetingServer/Reference_Guides/Version-2-2/Cisco-Meeting-Server-MMP-Command-Reference-2-2.pdf

I think the max is 9999 or 99999

HTH

java

if this helps, please rate

View solution in original post

Jaime Valencia · ‎02-21-2018

Roadmap questions are NDA and cannot be answered in public forums, there's an option to change that timeframe already implemented

user rule password_age Enforces a maximum age for passwords in days

https://www.cisco.com/c/dam/en/us/td/docs/conferencing/ciscoMeetingServer/Reference_Guides/Version-2-2/Cisco-Meeting-Server-MMP-Command-Reference-2-2.pdf

I think the max is 9999 or 99999

HTH

java

if this helps, please rate

neil.moran · ‎02-22-2018

that's worked perfectly.

Thanks for your help Jamie

jobogard · ‎11-15-2018

Confirmed 999999 is the max.

cfurbush1 · ‎02-16-2020

Hello,

Thanks for the information. I did the command

user rule password_age 9999

Is there a way to test the command without waiting 90 days?

Thank you

robert.p · ‎12-18-2023

I created a new user and that reflected the change in expiration date. The other accounts might actually still expire at the date shown. We are considering just deleting and readding all accounts, so their expiration dates are extended.

Patrick Sparkman · ‎02-21-2018

As Jaime mentions, workaround is to change the max number of days that passwords expires, you can set it to something stupid high and not have to worry about it ever, because you can set the expiration age so high is essentially disabling it until it's time to upgrade or replace CMS with something else.
I haven't tested it myself, but from what someone told me, the example he gave me was for 1000000 days, which would expire in like year 4755 or something.

neil.moran · ‎02-22-2018

Thanks for your reply Patrick.

peteryun · ‎07-30-2018

Is max 2915520? Seems like CMS is allowing more than 99999.

jlcembellin · ‎08-14-2018

Hello. Be carefull with this. There is a bug affecting authentication on CMS. you can lose complet acces to CMS management.On my system:
Using username "admin".
Using keyboard-interactive authentication.
Please enter password:
Send automatic password (Using keyboard-interactive authentication)
Using keyboard-interactive authentication.
Password has expired
Please enter new password:
Using keyboard-interactive authentication.
Please enter new password again:
Using keyboard-interactive authentication.
Too soon to change password; not allowed until 2291-Nov-13
Access denied
Using keyboard-interactive authentication.
Please enter password:

The bug is CSCvi67053

Cisco Meeting Server, unable to change Admin password
CSCvi67053
Description
Symptom:
Unable to change admin password, when set min_password_age is larger than the password_age

Conditions:
CMS is a Virtual Machine
Only one admin user is on the system.
Set user set min_password_age on CMS so that it is longer than the password age (either explicitly or implicitly)
Wait for password for admin user to expire.
When user tries to change password get the message:
Too soon to change password; not allowed until (date)

Workaround:
None, there is no workaround, only re-deploy

Further Problem Description:
CMS security model is that having locked out the whole system it needs to be redeployed from scratch. Backups from the old system can be used.

Customer Visible
Was the description about this Bug Helpful?
(1)
Details
Last Modified:
Jul 30,2018
Status:
Open
Severity:
6 Enhancement
Product:
(1)
Cisco Meeting Server
Support Cases:
2

gfolens · ‎10-23-2018

It would be helpful if the MMP documentation indicates the default and maximum values.

Apparently there is no way to see the actual values for password_age and min_password_age.

John F · ‎01-03-2019

user rule

will show the rules that have been implemented. It does not however show the defaults. So that would be a nice addition to CMS.